Chinese hackers target Vietnam as South China Sea dispute ramps up

Vietnam is being targeted by Chinese hackers amid a period of tension between the two countries over the South China Sea, according to cyber-security company FireEye.

Both government and corporate targets have been impacted in recent weeks and FireEye has tracked the attacks back to suspected Chinese cyber spies. This conclusion is based partly on the fact that a Chinese group it had identified previously had used the same infrastructure before.

“Where China has often focused on the government before, this shows they are really hitting the full commercial sector potentially in Vietnam and trying to gather a broad base of information there,” said Ben Read, who heads FireEye’s cyber espionage team.

Chinese Foreign Ministry spokeswoman Hua Chunying said China opposed all forms of illegal internet activities or stealing of secrets and also opposed any accusations from any side against any country on the issue without cast-iron proof.

Vietnamese Foreign Ministry spokeswoman Le Thi Thu Hang said cyber-attacks should be severely punished in accordance with the law and that it was important for countries to secure their networks.

Vietnam denies allowing cyber espionage, although it has also been accused by FireEye of carrying out attacks.

Tension between China and neighbouring Vietnam is at its highest in three years over the disputed South China Sea, where Vietnam has emerged as the most vocal opponents of Beijing’s extensive claims.

Vietnam suspended oil drilling in offshore waters that are also claimed by China in July under pressure from Beijing.

China has appeared uneasy at Vietnam’s efforts to rally Southeast Asian countries over the South China Sea, as well as at its growing defence relationships with the United States, Japan and India.

China claims nearly all the South China Sea, through which an estimated $3tr in international trade passes each year. Brunei, Malaysia, the Philippines and Taiwan also have claims.

FireEye said the attacks in Vietnam involved sending users documents in Vietnamese which appeared to be requests for financial information. A broad range of companies appeared to have been targeted, it said, including financial institutions, without giving specific details.

When the user opened the documents, they delivered malware which could infect a computer and send back information to the cyber spies, also potentially letting them into the computer network.

FireEye linked the attacks to a team it calls Conimes because in the past it used the conimes.com domain. The team focuses on Southeast Asia, but its main target is Vietnam - even more so since tensions rose over the South China Sea, Read said.

He was unable to say exactly what information had been gathered.

Earlier this month, Vietnamese President Tran Dai Quang called for tighter Internet controls to provide better protection against cyber threats, as well as to prevent websites and social media publishing material damaging to the communist party.

Read said the attacks it had discovered on Vietnam were relatively unsophisticated and relied on users having pre-2012 versions of Microsoft Word.

“They are using comparatively simple techniques because apparently they work,” he said.

Earlier this week, China introduced a new set of regulations for its own citizens designed to prevent anonymous commenting online.